Privacy Policy
This Privacy Policy explains what data the operator of the Adpact service ("Adpact", "we", "us") collects when you use the Adpact Telegram Mini App, bot, and related services (the "Service"), why we collect it, and the choices you have.
Plain-language summary: we collect what the marketplace needs to work — your Telegram identity, your connected wallet address, and the deals you take part in. We don't sell your data. Blockchain data is public by nature and we cannot erase it.
1. What we collect
From Telegram, when you use the app or bot:
- your Telegram user ID, and your username, display name, and language code when Telegram provides them;
- for channel owners: your channel's ID, title, username, and technical status (for example whether our bot is an admin and can post), plus channel statistics such as subscriber count.
From your use of the Service:
- campaigns, offers, and deals you create or take part in — including ad text and media you upload, prices, posting windows, and deal status history;
- your connected TON wallet address(es) and the transaction hashes of deal funding and settlement transactions;
- records of your deals' automated checks: what our bot observed (post found or missing, content match, timing), post links, and stored snapshots kept as evidence;
- if you submit a violation report or a support/data request: the report content, any deal or campaign reference you give, and the optional contact email you type into the form;
- ratings you give and receive, referral relationships and referral codes, engagement-points activity, and notification history;
- an audit log of significant actions (deal transitions, consent acceptances, moderation actions) kept for integrity and security;
- product analytics events (which features are used) tied to your account, used to improve the Service.
Locally on your device: the app stores preferences (language, theme, tips shown, admin session where applicable) in your browser's local storage. We use no advertising cookies or trackers.
What we do NOT collect: your wallet's private keys or recovery phrase (we never see them), your Telegram password or messages outside the Service, or payment-card details (the Service has no card payments).
Our servers, like most, may briefly record technical metadata (such as IP addresses in infrastructure logs) for security and reliability; we do not build profiles from it.
2. Why we collect it
- Running the marketplace: signing you in via Telegram, showing campaigns and offers, forming deals, sending notifications.
- Deal settlement and verification: building each deal's smart-contract parameters, detecting funding on-chain, checking that the agreed ad was posted and stayed live, and settling the outcome automatically.
- Fraud prevention and security: enforcing the objective verification rules, catching manipulation, rate-limiting, moderating accounts and channels, and keeping audit trails.
- Handling problems: support requests and violation reports — all best-effort.
- Legal compliance: keeping records we are legally required to keep and responding to lawful requests.
- Improving the Service: aggregate analytics on feature usage.
We collect consent records (which policy versions you accepted and when) because we are required to be able to show it.
3. Blockchain transparency — please read this
The TON blockchain is a public ledger. Your wallet address, the smart contracts you fund or claim from, transaction amounts, and transaction history are publicly visible to anyone, independent of Adpact, and are permanent — we cannot delete, change, or hide them. Think of anything you put on-chain as public information. Data-protection rights such as erasure apply to data on our own systems, not to the blockchain itself.
4. Who we share data with
We do not sell your personal data. We share it only with:
- Infrastructure providers that host the Service and store uploads (currently cloud hosting and object storage providers), processing data on our instructions;
- The Telegram platform — inherently: the bot posts to channels through Telegram, and the Mini App runs inside Telegram;
- The other party to your deal — only what the deal needs: your public marketplace profile (name/username, channel information, ratings), the deal terms, and deal status. Your wallet address appears in the deal's smart-contract parameters and on-chain;
- Legal and safety recipients — authorities or advisers when the law requires it, or when necessary to investigate fraud, enforce our terms, or protect users;
- A successor operator if the Service is ever handed over or reorganized — under this policy's protections.
5. How long we keep data
- Deal, settlement, verification, audit, and consent records are kept for as long as needed to operate the Service and to meet legal, accounting, and dispute-related obligations — deal and settlement records are kept in full while the Service operates, because they document who was paid and why.
- Uploaded creatives and evidence are kept while the related campaign or deal (and any window to question it) is active, then subject to deletion or archival.
- There is no self-service account deletion. If you ask us to remove your data (through Report a violation in the app), we handle the request on a best-effort basis: account-level data no longer needed to run the Service can be deleted or anonymized, while records that document deals and settlement (including audit, settlement, and consent history) are retained — in minimized form where possible — along with anything we are required or permitted by law to keep.
6. Security
Data in transit is encrypted (HTTPS). Access to production systems and secrets is restricted. Settlement signing keys are held server-side only and never reach your browser or Telegram. No system is perfectly secure — we cannot guarantee absolute security, and you are responsible for the security of your own Telegram account and wallet.
7. Your rights
Depending on your jurisdiction, you may have rights to access, correct, delete, or receive a copy of your personal data, to object to or restrict processing, and to complain to a supervisory authority. To exercise them, submit a request through Report a violation in the app (include your email so you can be answered). Requests are handled on a best-effort basis, and within any timelines that mandatorily apply to us under your law. Note the blockchain limitation in Section 3 and the retention rules in Section 5.
8. International transfers
The Service runs on cloud infrastructure that may be located in countries other than yours (currently primarily the United States). By using the Service you understand that your data may be stored and processed there. Where your local law gives you rights regarding such transfers, contact us.
9. Children
The Service is not directed at children and may not be used by anyone below the age required by Section 2 of the Terms of Service. We do not knowingly collect children's data; if you believe a child is using the Service, contact us and we will take reasonable steps.
10. Changes to this policy
New versions are published in the app with a version number and effective date. For material changes the app asks you to review and acknowledge the new version.
11. Contact & support
Privacy questions and rights requests: use Report a violation in the app (Settings → Report a violation) and include your email for a reply. Handled on a best-effort basis.